
ft_transcendence Surprise.
V.6 Cybersecurity
These cybersecurity modules are designed to enhance the security posture of the project.
The major module focuses on robust protection through Web Application Firewall (WAF)
and ModSecurity configurations, as well as HashiCorp Vault for secure secrets management.
The minor modules complement this effort by adding features for GDPR compliance,
user data anonymization, account deletion, Two-Factor authentication (2FA),
and JSON Web Tokens (JWT), collectively ensuring the project's commitment to data
protection, privacy, and authentication security.
• Major module: Implement WAF/ModSecurity with Hardened Configuration and
HashiCorp Vault for Secrets Management.
The objective of this major module is to enhance the security infrastructure of the
project by implementing several key components. Key features and goals include:
◦ Configure and deploy a Web Application Firewall (WAF) and ModSecurity
with a strict and secure configuration to protect against web-based attacks.
◦ Integrate HashiCorp Vault to securely manage and store sensitive information,
such as API keys, credentials, and environment variables, ensuring that these
secrets are properly encrypted and isolated.
This major module aims to bolster the project's security infrastructure by implementing
robust security measures, including WAF/ModSecurity for web application
protection and HashiCorp Vault for secrets management to ensure a safe and secure
environment.
• Minor module: GDPR compliance options with user anonymization, local data
management, and account deletion.
The goal of this minor module is to introduce GDPR compliance options that allow
users to exercise their data privacy rights. Key features and objectives include:
◦ Implement GDPR-compliant features that enable users to request anonymization
of their personal data, ensuring that their identity and sensitive information
are protected.
◦ Provide tools for users to manage their local data, including the ability to
view, edit, or delete their personal information stored within the system.
◦ Offer a streamlined process for users to request the permanent deletion of
their accounts, including all associated data, ensuring compliance with data
protection regulations.
◦ Maintain clear and transparent communication with users regarding their data
privacy rights, with easily accessible options to exercise these rights.
This minor module aims to enhance user privacy and data protection by offering
GDPR compliance options that empower users to control their personal information
and exercise their data privacy rights within the system.
If you are not familiar with the General Data Protection Regulation (GDPR), it